downloads

my downloads stay with the blue ring and are not accessible. I have to go to my download folder to run my downloads. all works fine if I stop Sophos System Proctection Service.

chrome Browser ver 108

Products: core Agent 2022.2.2.1

Sophos Intercept X 2022.2.3.3



Edited TAGs
[edited by: Gladys at 6:49 AM (GMT -8) on 19 Dec 2022]
Parents
  • Are they large downloads?

    Archives maybe? 

    Could it be Download Reputation scanning the files at the end of the download?

    If you enable debug logging of iOfficeAV from Endpoint Self Help and click Save:

    If you re-launch the browser and test a download, under: C:\ProgramData\Sophos\Endpoint Defense\Logs\Low\ will be the log file iofficeav.log.

    This will detail the:

    D Scan request:

    and the 

    D Scan response:

    for the downloads so you can note the times in the log.

    Prior to the Scan response message, you might expect to see CPU and memory consumed by SophosFileScanner.exe and then SSPService.exe.  There is a 15-minute timeout on these scans, and they do scan inside archives. 

    You can disable Download Rep in Sophos Central as a test.

    The DLL that implements iOfficeAntiVirus in the browser processes that supports it, is sophosofficeav.dll and loaded from:

    "C:\Program Files\Sophos\Sophos Network Threat Protection\IOAV\x64\" for 64-bit browser processes and "C:\Program Files\Sophos\Sophos Network Threat Protection\IOAV\x86\", for 32-bit browser processes.

    Firefox for example doesn't support iOfficeAntiVirus, so the file isn't scanned at the end of the download in the same way.

    If you exclude from real-time scanning: C:\users\*\downloads\*.zip for example, then zip files downloaded would not be scanned by Download Rep when downloaded to the path mentioned.

    You could also just rename sophosofficeav.dll and re-lauch the browser so the DLL isn't loaded to disable Download Rep as a test.

    Hope it helps at least explain it.

Reply
  • Are they large downloads?

    Archives maybe? 

    Could it be Download Reputation scanning the files at the end of the download?

    If you enable debug logging of iOfficeAV from Endpoint Self Help and click Save:

    If you re-launch the browser and test a download, under: C:\ProgramData\Sophos\Endpoint Defense\Logs\Low\ will be the log file iofficeav.log.

    This will detail the:

    D Scan request:

    and the 

    D Scan response:

    for the downloads so you can note the times in the log.

    Prior to the Scan response message, you might expect to see CPU and memory consumed by SophosFileScanner.exe and then SSPService.exe.  There is a 15-minute timeout on these scans, and they do scan inside archives. 

    You can disable Download Rep in Sophos Central as a test.

    The DLL that implements iOfficeAntiVirus in the browser processes that supports it, is sophosofficeav.dll and loaded from:

    "C:\Program Files\Sophos\Sophos Network Threat Protection\IOAV\x64\" for 64-bit browser processes and "C:\Program Files\Sophos\Sophos Network Threat Protection\IOAV\x86\", for 32-bit browser processes.

    Firefox for example doesn't support iOfficeAntiVirus, so the file isn't scanned at the end of the download in the same way.

    If you exclude from real-time scanning: C:\users\*\downloads\*.zip for example, then zip files downloaded would not be scanned by Download Rep when downloaded to the path mentioned.

    You could also just rename sophosofficeav.dll and re-lauch the browser so the DLL isn't loaded to disable Download Rep as a test.

    Hope it helps at least explain it.

Children
No Data